timmy-tower

replit/timmy-tower

Fork 0

Commit Graph

Author	SHA1	Message	Date
Replit Agent	b0ac398cf2	fix(#26 ): apply decay before score mutations in recordSuccess/recordFailure Previously recordSuccess/recordFailure read identity.trustScore (raw stored value) and incremented/decremented from there. Long-absent identities could instantly recover their pre-absence tier on the first interaction, defeating decay. Fix: both methods now call applyDecay(identity) first to get the true current baseline, then apply the score delta from there before persisting.	2026-03-19 16:11:36 +00:00
Replit Agent	9b778351e4	feat(#26 ): Nostr identity + trust engine - New nostr_identities DB table (pubkey, trust_score, tier, interaction_count, sats_absorbed_today, last_seen) - nullable nostr_pubkey FK on sessions + jobs tables; schema pushed - TrustService: getTier, getOrCreate, recordSuccess/Failure, HMAC token (issue/verify) - Soft score decay (lazy, on read) when identity absent > N days - POST /api/identity/challenge + POST /api/identity/verify (NIP-01 sig verification) - GET /api/identity/me — look up trust profile by X-Nostr-Token - POST /api/sessions + POST /api/jobs accept optional nostr_token; bind pubkey to row - GET /sessions/:id + GET /jobs/:id include trust_tier in response - recordSuccess/Failure called after session request + job work completes - X-Nostr-Token added to CORS allowedHeaders + exposedHeaders - TIMMY_TOKEN_SECRET set as persistent shared env var	2026-03-19 15:59:14 +00:00

Author

SHA1

Message

Date

Replit Agent

b0ac398cf2

fix(#26 ): apply decay before score mutations in recordSuccess/recordFailure

Previously recordSuccess/recordFailure read identity.trustScore (raw stored value)
and incremented/decremented from there. Long-absent identities could instantly
recover their pre-absence tier on the first interaction, defeating decay.

Fix: both methods now call applyDecay(identity) first to get the true current
baseline, then apply the score delta from there before persisting.

2026-03-19 16:11:36 +00:00

Replit Agent

9b778351e4

feat(#26 ): Nostr identity + trust engine

- New nostr_identities DB table (pubkey, trust_score, tier, interaction_count, sats_absorbed_today, last_seen)
- nullable nostr_pubkey FK on sessions + jobs tables; schema pushed
- TrustService: getTier, getOrCreate, recordSuccess/Failure, HMAC token (issue/verify)
- Soft score decay (lazy, on read) when identity absent > N days
- POST /api/identity/challenge + POST /api/identity/verify (NIP-01 sig verification)
- GET /api/identity/me — look up trust profile by X-Nostr-Token
- POST /api/sessions + POST /api/jobs accept optional nostr_token; bind pubkey to row
- GET /sessions/:id + GET /jobs/:id include trust_tier in response
- recordSuccess/Failure called after session request + job work completes
- X-Nostr-Token added to CORS allowedHeaders + exposedHeaders
- TIMMY_TOKEN_SECRET set as persistent shared env var

2026-03-19 15:59:14 +00:00

2 Commits